Implement method HEAD in ApiListener #6062
Conversation
|
@Yale96, can you check (or perhaps add a check) that no real content data is received if the HEAD method is used? Maybe we need to add something to prevent that (or that it is used to by pass security etc). |
Indeed please add a test for this. I see nothing in code now to prevent data from being returned. |
core/src/main/java/org/frankframework/http/rest/ApiListener.java
Outdated
Show resolved
Hide resolved
core/src/test/java/org/frankframework/http/rest/ApiListenerServletTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/org/frankframework/http/rest/ApiListenerTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/org/frankframework/http/rest/ApiListenerServletTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/org/frankframework/http/rest/ApiListenerServletTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/org/frankframework/http/rest/ApiListenerTest.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/frankframework/http/rest/ApiListenerServlet.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/frankframework/http/rest/ApiListenerServlet.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/frankframework/http/rest/ApiListener.java
Outdated
Show resolved
Hide resolved
| if (result == null && method == ApiListener.HttpMethod.HEAD) { | ||
| MimeType contentType = determineContentType(messageContext, listener, null); | ||
| response.setContentType(contentType.toString()); | ||
| } | ||
|
|
There was a problem hiding this comment.
Two comments on this:
result == nullis not the same asMessage.isEmpty(result)- I think that since both blocks have same content you can merge the if-conditions:
if (!Message.isEmpty(result) || method == ApiListener.HttpMethod.HEAD))
| @@ -1198,8 +1225,11 @@ public void testRequestWithAccept(Methods method) throws Exception { | |||
|
|
|||
| // Assert | |||
| assertEquals(200, result.getStatus()); | |||
| Message input = requestMessage; | |||
| assertEquals("application/xml", input.getContext().get("Header.accept")); | |||
| if (method != Methods.HEAD) { | |||
There was a problem hiding this comment.
Why is the exception on method HEAD needed here?
There was a problem hiding this comment.
That's not needed anymore indeed. I will remove it
core/src/test/java/org/frankframework/http/rest/ApiListenerServletTest.java
Show resolved
Hide resolved
| @@ -579,9 +579,11 @@ else if(segment.startsWith("{") && segment.endsWith("}")) { | |||
| */ | |||
| response.addHeader("Allow", (String) messageContext.get("allowedMethods")); | |||
|
|
|||
| if (!Message.isEmpty(result)) { | |||
| if (!Message.isEmpty(result) && result.size() != -1) { | |||
There was a problem hiding this comment.
This is not the correct change because you now make setting content-type dependent on result-size being known.
What I had suggested earlier was to combine (!Message.isEmpty(result) || method == ApiListener.HttpMethod.HEAD)
Checking for size can be done in a nested if. And when setting content-length on the response, you should not need to also add a header content-length because the HttpResponse implementation should do this for you.
| } else { | ||
| response.setContentLength(0); | ||
| response.addHeader("content-length", "0"); |
There was a problem hiding this comment.
Now you always set content-length to 0 when method = HEAD?
I thought that that goes against the intention?
| Response result = service(createRequest(uri, Methods.HEAD, null, headers)); | ||
|
|
||
| // Assert | ||
| assertEquals(200, result.getStatus()); |
There was a problem hiding this comment.
I do not see a check here that the content of the response is empty. That check is perhaps the most important check to validate if HEAD did what it is supposed to do.
| assertEquals("OPTIONS, HEAD", result.getHeader("Allow")); | ||
| assertNull(result.getErrorMessage()); | ||
| assertFalse(result.containsHeader("etag")); | ||
| assertEquals("0", result.getHeader("content-length")); |
There was a problem hiding this comment.
The length of the response should not have been 0 as the response-content that would have been returned by GET would have been {"tralalalallala"}.
| assertNull(result.getErrorMessage()); | ||
| assertFalse(result.containsHeader("etag")); | ||
| assertEquals("0", result.getHeader("content-length")); | ||
| assertEquals("*/*", result.getHeader("content-type")); |
There was a problem hiding this comment.
I'm surprised that the content-type header is */* and not JSON. Can you please set the mimetype on the repeatableMessage to JSON? Or otherwise the produces on the ApiListenerBuilder?
| public void apiListenerWithHeadMethodCall() throws Exception { | ||
| // Arrange | ||
| String uri = "/apiListenerWithHeadMethodCall"; | ||
| Message repeatableMessage = Message.asMessage(new Message("{\"tralalalallala\":true}").asByteArray()); |
There was a problem hiding this comment.
After applying other comments to this test, I would like a copy of this test where this repeatableMessage is constructed with an empty string, but the size set to something like 20 by setting the corresponding key in the MessageContext. Then the content-length returned by HEAD should also be 20.
Co-authored-by: J. Koster <j.koster@gmx.com>
| /* | ||
| * Finalize the pipeline and write the result to the response | ||
| */ | ||
| final boolean outputWritten = writeToResponseStream(response, result); |
…442-Implement-method-head-in-ApiListener # Conflicts: # core/src/main/java/org/frankframework/http/rest/ApiListener.java
nielsm5
changed the title
| @@ -240,6 +226,7 @@ public boolean accepts(@Nullable String acceptHeader) { | |||
| * HTTP method to listen to | |||
| * @ff.default GET | |||
| */ | |||
| @Deprecated | |||
There was a problem hiding this comment.
| @Deprecated |
Deze moet hier denk ik niet?
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -577,15 +577,18 @@ | |||
| /* | |||
| * Add headers | |||
| */ | |||
| response.addHeader("Allow", (String) messageContext.get("allowedMethods")); | |||
| response.addHeader("Allow", (String) pipelineSession.get("allowedMethods")); | |||
Check warning
Code scanning / CodeQL
HTTP response splitting Medium
No description provided.